United Kingdom


  • Industry: Technology
  • Type: Press release
  • Date: 06/06/2012

EU Cookie Law deadline is largely ignored by UK institutions, despite risk of being fined 


With the 26 May deadline for website providers to gain user consent before installing cookies now passed, a new analysis from KPMG has found that 80% of major UK organisations across UK private and public sectors are still not compliant with the EU Directive on Privacy and Electronic Communications. This is despite the fact that they risk heavy fines of up to £500,000 for non-compliance.


In the analysis of 55 UK websites which was carried out after the deadline on May 28 and 29, KPMG found that only 10 have now implemented measures regarded as compliant with the law by gaining users’ consent and giving them the option to change cookie settings. Compared to KPMG’s first analysis of the same websites back in March, when just one company showed compliance, this is just a small increase despite the passing of 26 May deadline and the risk of fines. The majority of these 10 websites also only follow the approach of “implied consent” which assumes that users accept the use of cookies unless they change their browsers’ settings.


Stephen Bonner, a Partner in the Information Protection and Business Resilience business team at KPMG, said: “There is clearly some progress in that the Cookie Law has had an effect on a number of website providers. However, what we have also seen is a great deal of confusion around what is actually required to comply with the law. Therefore, many organisations take a wait and see approach at this stage. Some also seem to assume that the measures they have taken so far are sufficient – but they are not.


“While there is still much confusion, there is also a call for organisations to adopt a more basic approach towards these requirements; informing customers upfront when you are collecting and analysing information about them builds trust and confidence in your organisation as a whole. Organisations should therefore analyse their situation and make sure their full web as well as mobile presence gets in line with the law. The time to act is now as there have been many complaints to regulators from customers unhappy about their rights not being respected.”



KPMG found that since its first analysis back in March, 40% of websites have now updated or added new policies providing additional detail on cookies including links to relevant information, which is not enough for full compliance. Another 40% of websites have not introduced any changes since March at all. In addition, no organisation had implemented measures for their mobile websites. Compliance in most cases refers to the main web presence, whereas secondary sites are typically non-compliant.



- END -


Notes to Editors:


The “EU Directive on Privacy and Electronic Communications” refers to online data protection and privacy. It covers confidentiality of information and the treatment of spam as well as of cookies. The directive came into in effect in May 2011 and is enforced in the EU states since 26 May 2012.


Cookies are small text files which are used by websites to analyse their visitors’ internet behavior. The files are stored on a user’s hard disk to enable targeted advertising and personalised web pages. Cookies are also used by e-commerce sites to manage users’ shopping carts.


For further information please contact:


MHP Communications


Emma Bowden/ Lucinda Kemeny

Tel: 07585 902 017 / 07958 924 188

Email: kpmg@mhpc.com



About KPMG


KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and operates from 22 offices across the UK with nearly 11,000 partners and staff.  The UK firm recorded a turnover of £1.6 billion in the year ended September 2010. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. We operate in 150 countries and have more than 138,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity.  KPMG International provides no client services.